Moved "probe_tls_certificate_info" labels into "probe_ssl_last_chain_…
…info" metric

Signed-off-by: Daniel Jolly <[email protected]>
djcode committed Jul 22, 2022
1 parent 9408983 commit a6b7fb4
Showing 4 changed files with 18 additions and 35 deletions.
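--- a/prober/grpc.go
+++ b/prober/grpc.go
@@ -109,11 +109,12 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 []string{"version"},
 )
 
-probeTLSCertInformation = prometheus.NewGaugeVec(prometheus.GaugeOpts{
-Name: "probe_tls_certificate_info",
-Help: "Returns the information about the certificate",
-},
-[]string{"subject", "issuer", "subjectalternative"},
+probeSSLLastInformation = prometheus.NewGaugeVec(
+prometheus.GaugeOpts{
+Name: "probe_ssl_last_chain_info",
+Help: "Contains SSL leaf certificate information",
+},
+[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 )
 
@@ -127,7 +128,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 registry.MustRegister(healthCheckResponseGaugeVec)
 registry.MustRegister(probeSSLEarliestCertExpiryGauge)
 registry.MustRegister(probeTLSVersion)
-registry.MustRegister(probeTLSCertInformation)
+registry.MustRegister(probeSSLLastInformation)
 
 if !strings.HasPrefix(target, "http://") && !strings.HasPrefix(target, "https://") {
 target = "http://" + target
@@ -210,7 +211,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 isSSLGauge.Set(float64(1))
 probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(&tlsInfo.State).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&tlsInfo.State)).Set(1)
-probeTLSCertInformation.WithLabelValues(getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State)).Set(1)
+probeSSLLastInformation.WithLabelValues(getFingerprint(&tlsInfo.State), getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State)).Set(1)
 } else {
 isSSLGauge.Set(float64(0))
 }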
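Review bot: The four values passed to `probeSSLLastInformation.WithLabelValues(...)` in the third hunk are copied from the peer's leaf certificate, so the probed endpoint decides their content and, as far as the visible getters show, their length; the same four-label call is added in prober/http.go and prober/tcp.go. Because `fingerprint_sha256` now shares a series with `subject`, `issuer` and `subjectalternative`, every certificate rotation starts a new series that carries the full DN and SAN strings. A comment above the `NewGaugeVec` call would record that, for example `// Label values come from the peer certificate and are not length-limited; expect one series per certificate.` ProbeGRPC's body starts and ends outside these hunks.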
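--- a/prober/http.go
+++ b/prober/http.go
@@ -282,7 +282,7 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 Name: "probe_ssl_last_chain_info",
 Help: "Contains SSL leaf certificate information",
 },
-[]string{"fingerprint_sha256"},
+[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 
 probeTLSVersion = prometheus.NewGaugeVec(
@@ -293,14 +293,6 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 []string{"version"},
 )
 
-probeTLSCertInformation = prometheus.NewGaugeVec(
-prometheus.GaugeOpts{
-Name: "probe_tls_certificate_info",
-Help: "Returns the information about the certificate",
-},
-[]string{"subject", "issuer", "subjectalternative"},
-)
-
 probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 Name: "probe_http_version",
 Help: "Returns the version of HTTP of the probe response",
@@ -650,12 +642,11 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 
 if resp.TLS != nil {
 isSSLGauge.Set(float64(1))
-registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeTLSCertInformation, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
 probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1)
-probeTLSCertInformation.WithLabelValues(getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix()))
-probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS)).Set(1)
+probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
 if httpConfig.FailIfSSL {
 level.Error(logger).Log("msg", "Final request was over SSL")
 success = false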
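--- a/prober/tcp.go
+++ b/prober/tcp.go
@@ -102,7 +102,7 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 Name: "probe_ssl_last_chain_info",
 Help: "Contains SSL leaf certificate information",
 },
-[]string{"fingerprint_sha256"},
+[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 probeTLSVersion := prometheus.NewGaugeVec(
 prometheus.GaugeOpts{
@@ -111,13 +111,6 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 },
 []string{"version"},
 )
-probeTLSCertInformation := prometheus.NewGaugeVec(
-prometheus.GaugeOpts{
-Name: "probe_tls_certificate_info",
-Help: "Returns the information about the certificate",
-},
-[]string{"subject", "issuer", "subjectalternative"},
-)
 probeFailedDueToRegex := prometheus.NewGauge(prometheus.GaugeOpts{
 Name: "probe_failed_due_to_regex",
 Help: "Indicates if probe failed due to regex",
@@ -142,12 +135,11 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 }
 if module.TCP.TLS {
 state := conn.(*tls.Conn).ConnectionState()
-registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeTLSCertInformation, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
 probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
-probeTLSCertInformation.WithLabelValues(getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
-probeSSLLastInformation.WithLabelValues(getFingerprint(&state)).Set(1)
+probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 }
 scanner := bufio.NewScanner(conn)
 for i, qr := range module.TCP.QueryResponse {
@@ -209,12 +201,11 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 
 // Get certificate expiry.
 state := tlsConn.ConnectionState()
-registry.MustRegister(probeSSLEarliestCertExpiry, probeSSLLastChainExpiryTimestampSeconds, probeTLSCertInformation)
+registry.MustRegister(probeSSLEarliestCertExpiry, probeSSLLastChainExpiryTimestampSeconds)
 probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
-probeTLSCertInformation.WithLabelValues(getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
-probeSSLLastInformation.WithLabelValues(getFingerprint(&state)).Set(1)
+probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 }
 }
 return true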
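Review bot: In the last hunk, the branch that reads `tlsConn.ConnectionState()` now registers only `probeSSLEarliestCertExpiry` and `probeSSLLastChainExpiryTimestampSeconds`, yet `probeTLSVersion` and `probeSSLLastInformation` are still set two and four lines below. Unless both are registered somewhere outside the hunk, probes taking this path stop exporting the subject, issuer and SAN labels that `probe_tls_certificate_info` used to provide here, which removes the signal anyone alerting on an unexpected issuer depends on. Registering the same set as the `module.TCP.TLS` branch would keep the two paths consistent: `registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)`. That assumes the two branches never both run for one probe, which the existing double registration of `probeSSLEarliestCertExpiry` already relies on; ProbeTCP's body starts and ends outside these hunks.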
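--- a/prober/tls.go
+++ b/prober/tls.go
@@ -39,12 +39,12 @@ func getFingerprint(state *tls.ConnectionState) string {
 
 func getSubject(state *tls.ConnectionState) string {
 cert := state.PeerCertificates[0]
-return cert.Subject.CommonName
+return cert.Subject.String()
 }
 
 func getIssuer(state *tls.ConnectionState) string {
 cert := state.PeerCertificates[0]
-return cert.Issuer.CommonName
+return cert.Issuer.String()
 }
 
 func getDNSNames(state *tls.ConnectionState) string {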
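Review bot: `getSubject` and `getIssuer` now return `pkix.Name.String()`, the full distinguished name in roughly RFC 2253 form, but neither function documents this, and queries that matched the `subject` or `issuer` label against a bare common name will no longer match. A doc comment on each would record the format, e.g. `// getSubject returns the leaf certificate's subject as a full distinguished name (pkix.Name.String), not only the CN.` Both functions index `state.PeerCertificates[0]` without a length check, so they depend on callers passing a state from a handshake in which the peer presented a certificate; stating that precondition in the same comment would help. getDNSNames continues outside the hunk.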
